The modern perspective on cybersecurity has ancient roots. For millennia, humans have built walls, posted sentries, vetted their interlocutors, and established watchmen to ensure that behaviors and interactions meet established standards for propriety and orthodoxy (h/t to Juvenal; quis custodiet ipsos custodes indeed) in an effort to ensure that only those duly authorized have access to things of value. This paradigm is faithfully replicated in our digital environments. We speak of and implement network perimeters, firewalls, access control lists, role-based access control, and continuous monitoring, while continuing to ignore fundamental security realities that have held since walls were first built around Uruk and Jericho.
In other words, the orthodox approach to cybersecurity is militant in nature. It’s essentially a matter of manning the ramparts, raising the drawbridge, and defending the walls built around our valuables.
It’s not atypical for a medium-sized company to spend seven figures annually on cybersecurity initiatives that include a combination of hardware, software, and professional talent dedicated to perimeter security, monitoring and surveillance, and continuous remediation. In other words, guards, gates, and guns. This leads to a pair of uncomfortable questions: One, if the paradigm has failed for millennia, why is investment in it continuing? And, two, how do organizations and individuals that can’t afford million-dollar cybersecurity investments protect themselves – or do they?
What if we stood the security paradigm on its head?
What if it was possible to transparently, pervasively, inexpensively, and effortlessly harden the desirable things themselves, i.e., the data, such that their theft became irrelevant? In that case, it wouldn’t matter if a malicious actor made off with an organization’s data because they’d be unable to do anything with it. A “successful” attack would be akin to stealing a room full of diamonds that turned to water in the thieves’ hands. This eliminates the incentive for data theft attacks.
What if the incentive for extortionate attacks could be eliminated by reducing recovery times to minutes? Any incentive to submit to cyber extortion would disappear, reducing or eliminating the economic basis for such attacks.
Why aren’t we all demanding that this security be delivered within a business solution that reduces friction, and enables collaboration and cooperation across the organization’s ecosystem?
Security has never been about the guards, gates, and guns; it’s always been about value. It’s time to break the chains of restrictive, inconvenient, and often ineffective security paradigms, reduce costs, and achieve meaningful protections while accelerating business activities. Let’s change the game and play it on our terms.
Build it right!